ERM – ISO 31000 Five Risk Management Best Practices
TRANSCRIPT
Why ERM – ISO 31000
§ Future of Risk Management
§ International Standard of Risk Management
§ Risk Management Education
Using ERM
§ Better Decisions
§ Greater Accountability
§ Reduce Losses
§ Improve Outcomes
ERM Process
§ Establish internal and external context
§ Risk assessment
§ Risk treatment
§ Monitor results
§ Communicate and consult with internal and external stakeholders
[Diagram: ERM process. Establishing the Context (highlighted); Risk Assessment (Risk Identification, Risk Analysis, Risk Evaluation); Risk Treatment; Communications & Consultation; Monitoring & Review]
Establish Context
1. Mission/Strategic Plan
2. Risk Tolerance
3. Risk Policy
4. Internal & External Stakeholders
Mission & Strategic Plan
Align uncertainties with your Mission.
• What is your purpose?
• How do risks contribute to your mission?
Align with your entity’s Strategic Plan
• How will you achieve your goals?
Risk Tolerance & Appetite
Determine your risk tolerance
• High
• Moderate
• Low
Determine amount of risk to retain vs. transfer
Risk Policy
Develop a risk policy that outlines
• ERM objectives
• Executive responsibility
• Board risk oversight committee responsibility
• Staff risk management committee responsibility
4. ERM Team
Various department reps
Identify risk exposures
Assign risk owners
Develop transfer or methods to reduce risks
Risk Treatment Plans
5. Internal & External Stakeholders
Identify who the stakeholders are for your entity
How do they play a role in your ERM program?
[Diagram: ERM process, with Risk Assessment: Risk Identification highlighted]
Risk Assessment: Risk Identification
• Financial
• Business Model
• Political
• Competition
• Underwriting
• Reserving/Claims
• Reinsurance
Risk Map
[Figure: CIS Risk Map. Axes: Impact/Severity and Likelihood/Frequency, each scaled 0 to 6. Plotted risks: Governance, Public Image, Finance, Economic, Bus. Model, Political, Competition, Underwriting, Reserving, Reinsurance]
[Diagram: ERM process, with Risk Treatment highlighted]
Risk Treatment
Communication Plan
Benchmarks
Resources
New Strategies
Existing Strategies
Root Causes
Owner
Risks
ERM Treatment
[Diagram: ERM process, with Risk Treatment and Monitoring & Review highlighted]
ERM Monitoring
ERM Monitoring — Dashboards
§ Identify the metric
§ Obtain data for the metric
§ Determine metric boundaries
§ Measure the above against the old thresholds
ERM Monitoring — Examples
Complaints Bad Outcomes
Claims Overspending
Others’ experiences Internal controls
Surveys National standards
[Diagram: ERM process, with Communications & Consultation highlighted]
ERM Communication
Use current communication channels
Add “Threats & Opportunities” to internal reports and Board/Staff reports
ERM Communication
Positive Outcomes with ERM
[Diagram: ERM process. Establishing the Context; Risk Assessment (Risk Identification, Risk Analysis, Risk Evaluation); Risk Treatment; Communications & Consultation; Monitoring & Review]
1. Creates Value
2. Risk treatment becomes part of culture
3. Clear format for addressing uncertainty
4. Systemic & structured method worldwide
5. Provides for ownership, responsibility, and accountability
6. Transparent and reactive
7. Facilitates continual improvement